04-25-2016 09:37 AM
I must be missing something simple and just am not seeing what I am doing wrong, being a newbie to the Aruba system and centralized management with Airwave.
I have 3 sites, Site A, Site B, and Site C. The sites all have their own Windows domain controller which also functions as the DHCP server for those sites. The sites are all connected via site-to-site VPNs.
Site A has the Airwave, ClearPass, and a bunch of APs, all controlled by one Instant Virtual Controller.
Site B and Site C just have APs, all controlled by their own Virtual Controller since they are on their own VLAN. The Airwave is on the same VLAN as the DHCP server in Site A. All authentication (RADIUS and LDAP) and DHCP scopes for internal users (VLAN 40 and DHCP 172.16.40.x) and Guest (VLAN 100 and DHCP 172.16.100.x) work fine.
At the remote sites I have the RADIUS authentication working, talking to the Windows DCs at each site. So that is great. I cannot get DHCP to work at each site, where it should be using each site's local DHCP server. DHCP just fails and I am not sure why. The DC is the DHCP server, so I know the server is reachable. I just do not see the DHCP requests reaching the DHCP server.
In Airwave I go to the Instant Config and open the VC. For Site A I just have the correct VLAN entered in the VLAN section for the SSID. At Site B and Site C that did not work so under the DHCP Server I have created Centralized DHCP scopes and have tried to use L2 and L3, but neither are working. It does not seem like I would want to do any of the others.
Am I seeing things correctly and is this the way to do it? Hopefully I am reading the docs correctly, but not certain. It seemed to make sense until the point it did not work.
Thanks for any pointers
04-25-2016 10:22 AM
I guess you have already checked this, but just in case.
Do you have the DHCP helper pointing to the DC DHCP server?
ACMX #567 //ACCP//CWNA
04-25-2016 10:31 AM
Unfortunately I do have the Helper address entered. I also have DHCP relay enabled on L3 and L2 and I have L2 disabled Split tunnel. Since it did not seem necessary I have left Option 82 set to None.
04-25-2016 10:51 AM - edited 04-25-2016 10:52 AM
I have re-read your question. What do you mean by "For Site A I just have the correct VLAN entered in the VLAN section for the SSID. At Site B and Site C that did not work so under the DHCP Server I have created Centralized DHCP scopes and have tried to use L2 and L3, but neither are working. It does not seem like I would want to do any of the others."?
When you connect the IAP it obtains the IP address from the site Domain Controller that is acting as DHCP server too, right?
So you connect the AP to a trunk port with AP mgmt VLAN, VLAN 40 and 100, as your SSID traffic will break out locally.
You don't need to configure any DHCP service in the VC as you are not using the APs to act as a DHCP server, nor DHCP relay through a VPN tunnel.
ACMX #567 //ACCP//CWNA
04-25-2016 11:03 AM
That is interesting. I should say I have the SSIDs defined on each Virtual Controller and not on the root level. On the SSIDs for site A I have the VLAN settings set for Network Assigned; Static;VLAN 40 (for instance)
On Site B I initially had it set for Network Assigned, Static, VLAN 12. That did not work so that is when I delved down into using the DHCP Server area.
I figured the DHCP request would be coming from the Virtual Controller or at most the APs. With those being on the local network I just figured they would get the DHCP info from the local network. I did not check before I joined it to Airwave and do not see how to remove the Virtual Controller from Airwave to check to narrow down if it is a Virtual Controller issue or an Airwave issue. Sounds like it should have worked the initial way I had it. Do you know how to remove the VC from Airwave so I can start at the bottom and rebuild this and see where it fails?
04-25-2016 12:17 PM
I assume this is not in production. Can we go back to the initial scenario you tried to configure?
Clearpass, DC, DHCP, Airwave in VLAN X. Everything in your Site A.
Site A has: mgmt AP VLAN, corp (vlan 40) and guest (vlan 100)
Site B you have: mgmt AP VLAN (same or other VLAN than Site A), corp (vlan 12) and guest (vlan 200)
Site A works perfectly.
Site B: Your AP receives an IP address from Site B's DHCP server. It allows the IAPs to come up. The IAPs are connected to a trunk port with your mgmt vlan, corp and guest vlan.
Routing is configured correctly to access VLAN X from the APs and vice versa.
DHCP scopes are created in SiteB's DHCP server. You can test it wiredly to avoid IAP misconfiguration.
And this should work. Each Site has its own AP cluster and its own subnets.
I believe you have Airwave as manage read/write from your description, so you can't configure the Cluster directly from the Virtual Controller. However, you can do it from Airwave. You will see a similar UI. (Let me know if you have problems with this.)
Also, I guess you will have each cluster in a different group as they are not sharing the same configuration.
ACMX #567 //ACCP//CWNA
04-26-2016 07:32 AM
I will be testing today. What I have just done to Site B which matches the setup for Site A:
1. Removed the DHCP Servers from each VC
2. Reconfigured VLAN on each SSID to be Network Assigned/Static/VLAN ID 12
I have 3 SSIDs, one using ClearPass, one using RADIUS, and one using PSK. The auth is working, but I had these set up during testing so just checking them all.
These VLANs currently do work with our Cisco wireless environment which we are replacing, so I know that the scopes are working.
I will test later on and let you know.
04-29-2016 12:10 PM
This one was a networking issue on my part which we figured out by going back to the defaults like you suggested. Once I made the networking changes we were able to work like I had originally tried and like you had confirmed should work.
We are replacing an old Cisco wireless network with the Aruba at all sites. At Site A we are mostly Comware switches, the other sites mostly Procurve. On the Comware switches I have trunk ports for the Cisco APs. I duplicated that for the Aruba APs and all was good and working as you would think.
On the Procurve switches for the Cisco APs I have the AP network untagged and that is it. So, I did that for the Aruba APs.
When testing at the other site we finally put a SSID on the Default network and we were able to connect. When we then tried to make that one of the wireless networks it was failing. So, it was not passing over the VLANs correctly. I then Tagged the wireless VLANS on the AP ports and lo-and-behold everything started to work.
So, the Cisco wireless network works differently and must be due to the central controller. With the Aruba being decentralized it requires all the VLANs to be available on the ports. Makes perfect sense, but I hate it when the answer is like that.
Borja, thank you so very much for the excellent help.
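
The fix described in this thread (tagging every SSID VLAN on the switch ports that feed the Instant APs) can be checked before deployment. The following is an added example, not part of the original thread: it parses a constructed ProCurve-style VLAN configuration and reports AP ports that lack a tagged SSID VLAN. VLAN 10 as AP management and ports 5, 6 and 24 are assumptions; VLANs 12 and 200 are the Site B VLANs mentioned above.

```python
import re

# Constructed ProCurve-style excerpt (not from the thread). VLAN 10 is a
# hypothetical AP management VLAN; ports 5 and 6 are assumed AP ports.
SAMPLE_CONFIG = """\
vlan 10
   untagged 5-6
   exit
vlan 12
   tagged 5,24
   exit
vlan 200
   tagged 24
   exit
"""

def expand_ports(spec):
    """Expand '5-6,24' into {5, 6, 24} (numeric port names only)."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_vlans(config):
    """Return {vlan_id: {'tagged': set_of_ports, 'untagged': set_of_ports}}."""
    vlans, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"vlan (\d+)$", line)
        if m:
            current = vlans.setdefault(
                int(m.group(1)), {"tagged": set(), "untagged": set()})
        elif line == "exit":
            current = None
        elif current is not None:
            m = re.match(r"(tagged|untagged) (\S+)$", line)
            if m:
                current[m.group(1)].update(expand_ports(m.group(2)))
    return vlans

def missing_ssid_vlans(config, ap_ports, ssid_vlans):
    """Map each AP port to the SSID VLANs it does not carry tagged."""
    vlans = parse_vlans(config)
    gaps = {}
    for port in ap_ports:
        missing = [v for v in ssid_vlans
                   if port not in vlans.get(v, {}).get("tagged", set())]
        if missing:
            gaps[port] = missing
    return gaps
```

For the constructed sample, `missing_ssid_vlans(SAMPLE_CONFIG, [5, 6], [12, 200])` flags port 5 as missing VLAN 200 and port 6 as missing both SSID VLANs, which is the untagged-only port layout that broke DHCP at the remote sites.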